[Agda] Alpha version of Agda Installer for Windows

IKEGAMI Daisuke ikegami-daisuke at aist.go.jp
Wed Feb 20 09:22:42 CET 2008 

Dear All,

> please test this now and report problems if you have 20+ minutes to
> spare.

I report a minor notice about the first Agda2 installer for Windows in
this mail. The following comment does not prevent developers from
working with Agda2. Please do not be worried about this report and
continue your interests about Agda2.

I look the first installer of Agda2 and notice that the 'unzip.exe' in
the distribution has a vulnerability, which is found recently.

  http://www.gzip.org/
  http://www.securityfocus.com/bid/3712

        ------------------------------------------------

However, the 'unzip.exe' is /safe in practise/ if you will install
Agda2 into a short directory path; precisely, the length of path must
be smaller 1024 characters. I guess, you merely want to install Agda2
into long path. 

  I'm afraid that if you want to make a server-side /meta/ installer
  for Windows to distribute Agda2 to students; then the vulnerability
  may be danger.

The 'unzip.exe' is used only to un-compress packages at the step of
installation. Agda2 does not use 'unzip.exe' at all. Please do not use 
it for other purpose except for the installation of Agda2. 

        ------------------------------------------------

I'm glad that the first installer of Agda2 for Windows has been shipped.

Because Agda2 depends on many softwares (the current ghc, the head of
GHC libraries (the head of gzip, QuickCheck and so on), emacs and the
haskell-mode), I easily imagine that it is not easy to create the
installer. It is a great job.

Cheers,
Ike

P.S.
To avoid this problem, (oops, it is not a problem, but needless fears) 
we can use the default format '.cab' instead of zip on Windows; 
Because the installer does not use another tools in UnxUtils except
for unzip.exe, How about using .cab?

Otherwise make 'unzip.exe' with the source at UnxUtils with the
following patch:
  http://www.gzip.org/gzip-1.2.4b.patch
The patch works with UnxUtils. 

'unzip.exe' is a member of 'UnxUtils' project, which is released on
March 1, 2007 (it's really too old).
  http://sourceforge.net/projects/unxutils/

More information about the Agda mailing list